Security

Security

November 19, 2021 2021-11-20 12:41

SECURE PRIVACY STATEMENT

We take great care in maintaining the security of the Site and your information and in preventing unauthorized access, loss, misuse, alteration, destruction or damage to it through industry standard technologies and internal procedures.

Among other things, we regularly maintain a PCI DSS (Payment Card Industry Data Security Standards) certification (with respect to payment by credit cards). In addition, we contractually ensure that any third party processing your personal information equally provides for confidentiality and integrity of your data in a secure way. However, the transmission of data via the internet is not completely secure, and although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. Once we have received your data, we will use strict procedures and security features to try to prevent unauthorized access. Users who have registered to the Site agree to keep their password in strict confidence and not disclose such password to any third party.

Network and application security

Data Hosting and Storage: We are using Google Cloud Platform (Google Cloud) and Amazon Web Services (AWS) which are used to provide infrastructure services to host and operate the Service. By using AWS and Google Cloud, Proovio is able to take advantage of their sophisticated security environment.

Virtual Private Cloud

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from getting to our internal network.

Application Security

Employs a static code review process to increase the security of the code used to provide the Service. This code is reviewed and approved based on peer review prior to staging the code. All development for the Service is based on Secure Development Lifecycle (SDLC) model.

Data Integrity. Measures are in place to prevent corruption of stored Customer Data due to a malfunctioning of the Service. These include patch management and change control procedures, QA testing prior to release, and logging of all changes to production systems for the Service.

Data Breach Management

If Proovio becomes aware of a Data Breach, It will notify Customer without undue delay of the Data Breach, and take reasonable steps to minimize harm and secure Customer Data. Notification(s) of any Data Breach will be delivered to the email address provided while creating account. Customer acknowledges that it is solely responsible for ensuring that the contact information set is current and valid. Customer agrees that “Data Breaches” do not include: (i) unsuccessful access attempts or similar events that do not compromise the security or privacy of Customer Data, including pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems; or (ii) breach of security not caused by Proovio

Personnel Security

Proovio conducts appropriate background checks of our employees to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.

Employees are required to (a) execute a confidentiality agreement; (b) undergo annual security training, and (c) if handling Customer Data, complete additional requirements appropriate to their role.

Employees are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards.